How To Configure Your Windows 11 Security Settings in 2024 [Step-by-Step Guide]

Windows Security features more key settings than you might expect. Learn how to set up your Windows OS for maximum virus, malware, and ransomware protection.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Windows 10 and 11 come preinstalled with Microsoft's proprietary security center, Windows Security (formerly Windows Defender Security). To get the most out of your free PC protection, we recommend enabling 7 security enhancements, from anti-ransomware features to parental controls. 

We walk you through the steps to locate and enable the core features of Microsoft Defender Antivirus (the free antivirus software part of Windows Security, the built-in security app, as well as the antivirus included in the premium Microsoft Defender service).

Plus, we cover whether Microsoft Defender Antivirus is any good and the top antivirus alternatives for Windows

5.0
Editorial Rating
Learn More
On Bitdefender's website
Antivirus Software
Bitdefender
  • Super reliable antivirus software with a non-intrusive free version
  • Simple yet powerful interface tools
  • Perfect protection score in third-party tests
  • Slow scans compared to other options

In this article
How to turn on Windows Security
Top 7 Windows Security settings to enable in 2024
1. Enable anti-ransomware features
2. Enable Microsoft Defender Firewall
3. Turn on reputation-based protection
4. Enable Exploit protection
5. Turn on Core Isolation
6. Set up parental controls
7. Allow Windows Security notifications
Other important Windows Security features
Is Microsoft Defender Antivirus good?
FAQs
Bottom line

How to turn on Windows Security

The Windows Security app is an essential tool for maximizing protection in Windows 10 or 11.

Windows Security Home dashboard Windows 11

The Windows Security app is a tool built into the Windows operating system (OS) that provides an overview of your device’s health and security, including virus and firewall protection. It provides settings for antivirus protection, firewall and networks, apps and browsers, device security, and options for tracking your kids’ online activity.

Updating your Windows Security settings can protect your system from malicious files like viruses and malware.

To find the Windows Security app in Windows 11, type Windows Security in the Search field (located in the taskbar at the bottom of your screen). Then, click Windows Security. A blue shield icon should show up in the taskbar. You can right-click the shield and select “Pin to taskbar” for easy access.

As an alternative to Search in Windows 11, you can do the following:

  1. Go to the Start menu.
  2. Select Settings.
  3. Choose Apps.
  4. Select Apps & Features.
  5. Select the three dots next to Windows Security.

Note that in the early versions of Windows 10, Windows Security was called Windows Defender Security Center.

As you scroll through the options in Windows Security, you’ll see a green checkmark for each setting turned on, along with a “No action needed” message. Click through the icons in the taskbar on the left to dig further into sections like Virus & threat protection and Account protection.

Top 7 Windows Security settings to enable in 2024

Here’s a list of Windows Security settings you’ll want to enable to ensure maximum protection against hackers, malware, phishing, and more.

1. Enable anti-ransomware features

Ransomware is a type of malware that encrypts your files and can lock you out of your computer until you pay a ransom.

Here’s how to enable Ransomware protection in Windows 10 or 11:

  1. Open Windows Security.
  2. Select Virus & threat protection.
  3. Find Ransomware protection and select Manage ransomware protection.
  4. Turn ON controlled folder access if it’s turned off, and select protected folders.
  5. You can select + Add a protected folder.
  6. If you need to remove protection from a folder, select it and then choose Remove.

Windows Security set up ransomware protection Windows 11

Note that if Windows detects that you are using another antivirus program like McAfee VirusScan, you won’t see ransomware protection options in Windows Security, and Microsoft Defender Antivirus will turn off automatically (it will turn back on if you ever uninstall the other program). However, Microsoft Security has been updated to detect threats in passive mode. Simply turn on Microsoft Defender Antivirus to periodically check for threats even when another program is running.

Protection against ransomware is called controlled folder access. This means apps can’t access selected folders unless they’re trusted. You can specify which folders are protected.

In Windows 10 or 11, follow these steps to access controlled folders:

  1. Open Windows Security.
  2. Select Virus & threat protection.
  3. Select Ransomware protection.
  4. Switch Controlled folder access to ON.

Windows Security tamper protection Windows 11

There’s a section in Windows Security to review called Tamper protection. It stops malicious apps from disrupting Microsoft Defender Antivirus settings, such as real-time protection and cloud protection. If you’re using a third-party security app, the Windows Security Tamper protection settings won’t alter the settings in the other app.

Here’s how to find and change the Tamper Protection settings in Windows 10 or 11:

  1. Open Windows Security.
  2. Select Virus & threat protection.
  3. Select Manage settings.
  4. Switch Tamper Protection to ON.

2. Enable Microsoft Defender Firewall

Windows comes with a built-in firewall called Microsoft Defender Firewall. It stops unauthorized network traffic from traveling in and out of a local device. Microsoft recommends keeping its firewall on even if you’re using another antivirus with firewall protection.

Here’s how to enable Microsoft Defender Firewall in Windows 10 and 11:

  1. Open Windows Security.
  2. Select Firewall & network protection.
  3. Select one of these network profiles: Domain network, Private network, or Public network.
  4. Find Microsoft Defender Firewall and turn ON.

Windows Security firewall and network protection Windows 11

If you’re on a corporate network, you’ll need to consult your IT administrator to make necessary changes to your Microsoft Defender Firewall.

3. Turn on reputation-based protection

Reputation-based protection can guard your machine against potentially unwanted applications (PUA). These applications can slow down your computer, display unexpected ads, or install harmful apps. It can also protect against phishing.

Windows comes with this feature turned off on consumer machines. Potentially unwanted app blocking can block problematic apps that you downloaded or installed. However, it only blocks downloads if you’re using the Microsoft Edge browser.

Here’s how to turn on reputation-based protection in Windows 11:

  1. Open Windows Security.
  2. Navigate to App & browser control.
  3. Select Reputation-based protection settings.
  4. Switch on Phishing protection, Potentially unwanted app blocking, and SmartScreen.

Windows Security app and browser control Windows 11

Windows Security reputation-based protection settings Windows 11

In Windows 10, follow these steps:

  1. Open Windows Security.
  2. Choose App & browser control.
  3. Select Reputation-based protection settings.
  4. Click Potentially unwanted app blocking.
  5. Check Block apps.
  6. Check Block downloads.

4. Enable Exploit protection

The Enable Exploit protection feature provides a shield against exploits that could infect your devices and spread throughout your system. The settings apply to the OS or separate apps.

To enable Exploit protection in Windows 11, do the following:

  1. Open Windows Security.
  2. Go to Apps and browser control.
  3. Open Exploit protection settings.
  4. Go to Program settings and choose the app you want to protect.
  5. If the app is already listed, choose it and select Edit. If not, select Add program to customize.
  6. Select Add by program name to apply the Exploit protection settings to a running process.
  7. Select Choose exact file path if you need a standard Windows Explorer file picker window.

Windows Security exploit protection Windows 11

5. Turn on Core Isolation

Core isolation adds virtualization-based security features for added protection against hackers and malicious code. This prevents hackers from taking control of unsecured drivers on your computer.

This feature isolates core processes in memory. Memory integrity builds an isolated environment using hardware virtualization to protect against malicious programs.

Memory integrity in an isolated environment is like a security guard standing inside a locked booth. For applications to safely run a piece of code, the security guard must first approve the code. As Microsoft describes it, a scenario without memory integrity would be like a security guard monitoring your applications from outside the locked booth where someone could hijack the code approval process and allow malicious applications to run.[1]

If you have Windows 11 updated, you should already have Core isolation enabled. If not, follow these steps in Windows 11:

  1. Turn on Windows Security.
  2. Select Device Security.
  3. Select Core isolation.
  4. Under Core isolation, click Memory integrity.

Learn how to configure your online privacy settings and social media settings to keep your accounts safe.

6. Set up parental controls

Keeping a child’s devices safe is a key concern for any parent. This capability is available under Family options.

To access Family options, follow these steps:

  1. Open Windows Security.
  2. Select Family options.
  3. Select View family settings.

Windows Security family options parental controls Windows 11

In this section, you can create a profile and customize settings for particular family members, such as setting screen time limits. In addition, you can select View devices to see where you and your family members have signed in.

7. Allow Windows Security notifications

Windows can let you know when updates are available to strengthen the detection of malware and other threats on your machine.

Follow these steps to enable Windows Security notifications:

  1. Open Windows Security.
  2. Select Settings.
  3. Choose Manage notifications (under Notifications).
  4. Turn ON Get informational notifications (under Virus & threat protection notifications).

Windows Security notifications center Windows 11

Learn how to protect your files by locking your folders in Windows OS.

Other important Windows Security features

Here are a few other Windows Security settings to keep in mind.

Set up Windows Security Updates

Follow these steps to configure security updates:

  1. Go to the Start menu.
  2. Select Settings.
  3. Select Windows Update.

Windows 11 updates in Settings

Scan your PC with Microsoft Defender Antivirus

In addition to a full scan, you can also choose a quick scan, a custom scan, or a Microsoft Defender Antivirus offline scan. Here’s how to start scanning:

  1. Open Windows Security.
  2. Click Virus & threat protection.
  3. Select Scan options under Current threats.
  4. Select Full scan.

Windows Security scan options full scan Windows 11

Temporarily turn off Microsoft Defender Antivirus

Microsoft Defender Antivirus automatically turns off if you’re running other antivirus software. Antivirus software is necessary to protect against threats of malware, viruses, phishing, and cyberattacks.

People may turn off Microsoft Defender Antivirus if it’s running a scan and they’re accessing sensitive data. Here’s how to turn off Microsoft Defender Antivirus:

  1. Open Windows Security.
  2. Select Virus & threat protection.
  3. Select Manage settings.
  4. Switch Real-time protection OFF.

Windows Security real-time protection Windows 11

How to turn on Microsoft Defender Firewall in Windows 10 or 11

Microsoft recommends keeping Defender Firewall on even if you are running a separate firewall. If you need to run an application that Microsoft Defender Firewall may block, you can allow it. Here’s how to turn on Microsoft Defender Firewall.

  1. Open Windows Security.
  2. Select a network profile from the following: Domain network, Private network, or Public network.
  3. Look for the Microsoft Defender Firewall and switch it ON.

Windows Security firewall enabled Windows 11

Check your device health

Another key security feature involves managing your device health and performance. You can track battery life status and ensure no issues with apps and software.

Follow these steps to access settings for device performance & health.

  1. Open Windows Security.
  2. Select Device performance & health.

Windows Security device performance and health Windows 11

You can explore the Storage capacity section to check if your system is running low on disk space. You can also check Battery Life to find out if various applications are straining your battery.

Is Microsoft Defender Antivirus good?

Windows Defender (now rebranded as Microsoft Defender) is the antivirus product preinstalled with Windows. It offers some attractive features, such as parental controls, and can protect your devices from malware while you navigate the internet. However, it lacks webcam protection, which parents and other users may prefer.

AV-Test tested Microsoft Defender Antivirus in Sept/Oct 2024, and the software scored a perfect 6 out of 6 for protection, performance, and usability.[2]

The downside to Microsoft Defender Antivirus is it may bring reduced protection when using browsers like Google Chrome or Mozilla Firefox. You’ll have to stick with the Microsoft Edge browser to get the most protection. Microsoft Defender also lacks a password manager.

Given these limitations, we'd recommend checking out a third-party antivirus product that offers additional security features, such as a VPN, a password manager, identity theft protection, safe browsing, an ad blocker, and more. 

Antivirus
Best for Best overall antivirus software All-in-one software Comprehensive security Best value
Starting price $29.00/yr (first year only) $35.99/first yr $29.99/first yr $3.19/mo (billed annually)
Features Zero-day scans, anti-phishing, ransomware protection, password manager, ad blocker, TotalVPN Antivirus protection, VPN, password manager, security for multiple devices Antivirus, malware, ransomware, and hacking protection, cloud backup, password manager, Norton Secure VPN Antivirus protection, Surfshark VPN, private search engine, data leak alerts, ad blocker
Learn more Get TotalAV Get Aura Get Norton360 Antivirus Get Surfshark Antivirus

FAQs


+

What are the best security settings for Windows 10 or 11?

Enable anti-ransomware features in Windows 10 or 11 so you won’t be locked out of using your computer and asked to pay a ransom (don’t ever pay a ransom, as it doesn’t guarantee recovery). Also, be sure to configure Windows Security notifications so you know when updates are available to strengthen the detection of malware and other threats on your machine.


+

What is Windows Security settings?

Windows Security settings is where you can manage the security providers that protect your device. It also lets you configure your Windows Security notifications.


+

Is Windows 10 or 11 Security all I need?

Yes, if you use the Microsoft Edge browser and Office 365, you will have solid protection with Windows Security and the default Microsoft Defender Antivirus. However, you may experience limited protection when using third-party browsers like Google Chrome or Firefox. If you want concurrent coverage with another reputable third-party solution, we recommend checking out the best antivirus software for Windows 11

Bottom line

When you’re thinking about how to protect your Windows PC, remember to keep on top of your virus and security updates no matter which applications you use. Keep the following settings on to optimize your protection against cyberthreats:

  • Anti-ransomware features
  • Tamper protection
  • Phishing protection
  • Exploit protection
  • Core isolation

In addition, be sure to update your online security settings for Google and the social media sites you use to ensure maximum protection against hackers and malware. You can also invest in another reputable third-party antivirus solution to use along with Microsoft Defender Antivirus. 

No Fuss, Real-Time Online and Mobile Protection
4.7
Editorial Rating
Learn More
On TotalAV's website
Antivirus Software
TotalAV
First year discount on paid plans
  • Real-time protection from viruses, malware, and online threats
  • Blocks tracking cookies and ads, proactively monitors for data breaches, and option to schedule smart scans
  • 100% compatible with Windows, Mac, Android, and iOS operating systems on up to 3 devices
  • Lacks firewall protection

Author Details
Brian T. Horowitz is a writer with more than 25 years of experience covering technology. He has written on security topics that include deepfakes, identity management, payment card security, data breaches, zero trust, ransomware protection, and data privacy. His work has appeared in publications that include Computer Shopper, eWEEK, Fast Company, InformationWeek, IEEE Spectrum, PCMag, and Scientific American. A resident of New York City, he earned a degree in English from Hofstra University. Follow him on Twitter @bthorowitz.
Kate is an Editor at All About Cookies. She has 8+ years of digital publishing experience as a content manager, developmental editor, and curriculum writer. She leverages specializations in EdTech and educational publishing to create impactful, well-researched content that aids learners of all ages.

Citations

[1] Core Isolation

[2] AV-Test Windows Sept/Oct 2024